Additional Information

Here is the text from the security vulnerability: A specially
crafted request with a 'Transfer-Encoding: chunked' header and a'Content-Length' can cause the server to forward a reassembled
request with the original 'Content-Length' header. Due to this, the
malicious request may piggyback with the valid HTTP request.

It is possible that this attack may result in cache poisoning,
cross-site scripting, session hijacking and other attacks.

This issue was originally described in CAN-2005-2088 (Multiple
Vendor Multiple HTTP Request Smuggling Vulnerabilities). Due to the
availability of more details and vendor confirmation, it is being
assigned a new BID.
Note this defect has been resolved in an upcoming release of Apache
for NetWare. Further information about this defect indicates the
following:

The Apache Project has already submitted a fix for this issue
that will be released in version 2.0.55 of the httpd web server.
The ASF's policy toward vulnerabilities is that they try to patch
and release an update even before the vulnerability has been
announced. The fact that a patch as been committed to the
2.0.55-dev code base and the ASF seems to not be in a hurry to
release 2.0.55, indicates that this vulnerability is very
minor.